$con->query("SELECT * FROM users WHERE username='$user' AND password='$pass'");

Of course, $user and $pass are parameters directly passed to the query.

Well… what about $user = LOL' -- -?

SELECT * FROM users WHERE username='LOL' -- -' AND password='anything'

-- starts a comment in SQL, but it has to be followed by a space, so I put another character after the blank to make the trick fire (and to keep that trailing space from being trimmed).

The die is cast. This query returns every user stored on the DB.

Isn’t it so cute?
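To see both sides of this in a runnable form, here is an added example (not code from the post or from the course material) that builds the same string-spliced query next to its parameterized replacement, using SQLite in memory and a constructed two-user table. SQLite is assumed here only for portability; it accepts `--` comments without the trailing-space requirement discussed above, and the `' -- -` trick is aimed at a constructed user name rather than "LOL".

```python
import sqlite3

# Constructed sample data (not from the original post): two users, plaintext
# passwords purely so the comparison in the WHERE clause is easy to follow.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory users table matching the shape of the post's query."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return con


def login_concat(con, user, pw):
    """The vulnerable pattern from the post: input is spliced into the SQL text,
    so a quote plus a comment marker rewrites the query itself."""
    sql = f"SELECT username FROM users WHERE username='{user}' AND password='{pw}'"
    return [row[0] for row in con.execute(sql)]


def login_param(con, user, pw):
    """Hardened form: placeholders keep the input as data, never as SQL syntax,
    so the quote and the comment marker are just characters in a username."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return [row[0] for row in con.execute(sql, (user, pw))]


if __name__ == "__main__":
    con = make_db()
    payload = "alice' -- -"  # the post's trick, aimed at a constructed user
    print(login_concat(con, payload, "anything"))  # ['alice']: password check commented out
    print(login_param(con, payload, "anything"))   # []: no user literally named "alice' -- -"
    print(login_param(con, "alice", "s3cret"))     # ['alice']: real credentials still work
```

Running it shows the concatenated version accepting any password for the targeted row, while the parameterized version only matches when both username and password are literally correct.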

avalz also created a Virtual Machine (cyber-gym) which contains different exploitable web scripts. You can use them to practice aspects of Web Security.
That was the core of the first class; you can find the related slides here!

Next one will cover Android Security!

666c61677b696e6965747469616d6f5f636f6d655f695f70617a7a697d :-D

Andrea Valenza and Giovanni Lagorio doing their best. Photobombing on the left.